Darknet .weights versioned header offset - PoC
Overview
Darknet .weights files use a version-dependent header length. For files with
minor >= 2, the header includes an int64 seen field and the effective weight
stream starts at offset 20. cv2.dnn.readNetFromDarknet() correctly resolves
this offset, but the API does not surface the resolved header length or
effective weight-stream start to the caller: no warning, return value, or
metadata signal indicates which byte offset was used.
A crafted file with minor=2 places float32(1.0) raw bits at offset 16
(inside the int64 seen field) and actual layer weights at offset 20/24.
The runtime produces output 999.0 while a byte-level read at offset 16
returns 1.0. The API provides no signal that the effective weight stream
begins at offset 20.
Binary structure (poc.weights)
| Offset | Content |
|---|---|
| 0–3 | int32 major = 0 |
| 4–7 | int32 minor = 2 |
| 8–11 | int32 revision = 0 |
| 12–15 | int64 seen (low 4 bytes) = 0 |
| 16–19 | int64 seen (high 4 bytes) = float32(1.0) raw bits |
| 20–23 | layer bias = 0.0 |
| 24–27 | layer weight = 999.0 |
Byte-level read at offset 16 → 1.0 (inside seen field, prior-version boundary).
cv2.dnn.readNetFromDarknet() runtime output → 999.0 (actual weight at offset 24).
No API signal indicates which offset was used.
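An added example (not one of this PoC's scripts and not OpenCV code): a standalone pre-load check that resolves the header length for the layout in the table above and reports the effective weight-stream start, which is the signal the API does not expose. The function names are hypothetical, the sample bytes are constructed from the table, and the rule `major * 10 + minor >= 2` is an assumption that reduces to the page's `minor >= 2` when major is 0.

```python
import struct

LEGACY_HEADER_LEN = 16      # major, minor, revision, int32 seen
VERSIONED_HEADER_LEN = 20   # major, minor, revision, int64 seen


def build_poc_bytes() -> bytes:
    """Constructed sample laid out as in the page's offset table."""
    return (struct.pack("<iii", 0, 2, 0)        # 0-11: major, minor, revision
            + struct.pack("<I", 0)              # 12-15: seen, low 4 bytes
            + struct.pack("<f", 1.0)            # 16-19: seen, high 4 bytes
            + struct.pack("<ff", 0.0, 999.0))   # 20-27: layer bias, layer weight


def resolve_header(blob: bytes) -> dict:
    """Return the header length and weight-stream start a loader will use."""
    if len(blob) < LEGACY_HEADER_LEN:
        raise ValueError("file shorter than the smallest Darknet header")
    major, minor, revision = struct.unpack_from("<iii", blob, 0)
    # Assumed version rule; equals the page's "minor >= 2" when major is 0.
    versioned = major * 10 + minor >= 2
    header_len = VERSIONED_HEADER_LEN if versioned else LEGACY_HEADER_LEN
    if len(blob) < header_len:
        raise ValueError("file truncated inside the seen field")
    seen = struct.unpack_from("<Q" if versioned else "<i", blob, 12)[0]
    return {"version": (major, minor, revision), "seen": seen,
            "header_len": header_len, "weights_offset": header_len}


def audit(blob: bytes) -> dict:
    """Compare the effective weight stream with a naive offset-16 read."""
    info = resolve_header(blob)
    start = info["weights_offset"]
    count = (len(blob) - start) // 4
    info["weights"] = list(struct.unpack_from(f"<{count}f", blob, start))
    # What a tool assuming the 16-byte header would take as the first float.
    info["legacy_offset16_float"] = (
        struct.unpack_from("<f", blob, LEGACY_HEADER_LEN)[0]
        if len(blob) >= LEGACY_HEADER_LEN + 4 else None)
    # True when that naive read lands inside the header, not the weights.
    info["legacy_read_inside_header"] = start > LEGACY_HEADER_LEN
    return info


if __name__ == "__main__":
    for key, value in audit(build_poc_bytes()).items():
        print(f"{key}={value}")
```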
Requirements
pip install opencv-python numpy
Reproduce
python3 create_darknet.py artifacts/
python3 inspect_darknet.py artifacts/poc.weights
python3 reproduce.py artifacts/model.cfg artifacts/poc.weights
Expected output
# inspect_darknet.py
VERSIONED_HEADER_LENGTH=20
LEGACY_OFFSET16_FLOAT=1.0
ACTUAL_OFFSET24_WEIGHT=999.0
INSPECTION_WARNING=False
# reproduce.py
INSPECTION_VALUE=1.0000
RUNTIME_OUTPUT=999.0000
WARNING_EMITTED=False
OUTPUT_FLIP_CONFIRMED=True
Format context
The reference implementation (pjreddie/darknet, save_weights_upto())
hardcodes minor = 2 for all saves. Every weight file produced by the
official Darknet toolchain uses a 20-byte versioned header. The 16-byte
path exists for legacy compatibility only and is not produced by current
Darknet releases.
Transparency
OpenCV's version-aware header parsing is the correct and expected behavior. The reported issue is the absence of API-level visibility into the resolved header length and effective weight-stream start offset. This report covers weight-loading offset behavior only and makes no claim of code execution, crash, or denial of service.